Lucene search

K
suseSuseOPENSUSE-SU-2018:4125-1
HistoryDec 14, 2018 - 6:10 p.m.

Security update for phpMyAdmin (moderate)

2018-12-1418:10:36
lists.opensuse.org
137

EPSS

0.242

Percentile

96.7%

This update for phpMyAdmin fixes security issues and bugs.

Security issues addressed in the 4.8.4 release (bsc#1119245):

  • CVE-2018-19968: Local file inclusion through transformation feature
  • CVE-2018-19969: XSRF/CSRF vulnerability
  • CVE-2018-19970: XSS vulnerability in navigation tree

This update also contains the following upstream bug fixes and
improvements:

  • Ensure that database names with a dot (‘.’) are handled properly when
    DisableIS is true
  • Fix for message "Error while copying database (pma__column_info)"
  • Move operation causes "SELECT * FROM undefined" error
  • When logging with $cfg[‘AuthLog’] to syslog, successful login messages
    were not logged when $cfg[‘AuthLogSuccess’] was true
  • Multiple errors and regressions with Designer